This policy explains what information Turfy collects, why we collect it, who we share it with, and the rights you have over your data.
Effective date: May 4, 2026
Turfy is a lawn care business management platform operated by Dokodoholding LLC ("Turfy", "we", "us"). This policy covers the Turfy mobile app, the Turfy web app, and the marketing site at turfy.io.
You can reach us at any time at:
We only collect information that the app needs to operate. The categories below match the disclosures in the app's App Store privacy label.
When you sign up, we collect your name, email address, and a hashed password. If you join an organization, we record the role assigned to you within that organization.
Turfy stores the operational data you enter — customers, properties, jobs, schedules, invoices, crew members, and notes. This data belongs to your organization. We process it on your behalf to provide the service.
With your permission, the mobile app collects precise location to power GPS clock-in, route navigation, and real-time crew positions on the dispatch map. Background location is only used while you are clocked in to an active job. You can revoke this permission at any time in iOS or Android settings.
With your permission, the app uses the camera and photo library to attach before/after photos to visits and jobs. Photos are uploaded to your organization's storage; we do not scan their contents.
If you enable Face ID or Touch ID for sign-in, that biometric verification happens entirely on your device using Apple's Secure Enclave. Turfy never receives or stores your biometric data.
If you opt in, we use push notification tokens issued by Apple or Google to deliver job alerts and reminders. You can turn these off in your device settings.
Subscription payments are handled by Stripe. We receive subscription status, the last four digits of your payment card, and the country of issue. Full card numbers never reach Turfy's servers.
We collect product analytics — pages viewed, features used, approximate device type, and crash diagnostics — to understand how the product is used and to fix bugs. This is processed through PostHog. We do not use this data for advertising or sell it to anyone.
The web app and marketing site use first-party cookies and local storage for authentication sessions and analytics. The mobile app uses local storage on your device for the same purposes. We do not use third-party advertising or cross-site tracking cookies.
We use the information described above to:
We do not sell personal information. We do not use your operational data to train AI models. We do not show third-party ads inside Turfy.
Turfy shares the minimum information necessary with the following service providers, each of which is contractually bound to protect it to a standard at least equivalent to this policy.
| Provider | Purpose | Data shared |
|---|---|---|
| Supabase | Database & file hosting | All operational data |
| Stripe | Subscription billing | Billing contact, payment metadata |
| PostHog | Product analytics & crash diagnostics | Pseudonymous usage events |
| Resend | Transactional email | Email address, message content |
| Twilio | Transactional SMS | Phone number, message content |
| Apple / Google | Push notifications | Device push token |
We keep your account and operational data for as long as your organization has an active Turfy subscription. After you cancel, the data is retained for 30 days to allow reactivation, and then permanently deleted from production systems. Encrypted backups are rotated out within an additional 60 days.
Diagnostic and analytics events are retained for a maximum of 13 months.
Depending on where you live, you may have the right to:
California residents have additional rights under the CCPA, including the right to know what categories of personal information we collect and the right to opt out of any "sale" or "sharing" of personal information. Turfy does not sell or share personal information for cross-context behavioral advertising.
To exercise any of these rights, email jonah@kybercore.ai. We will respond within 30 days. You may also delete your account directly from Settings → Account inside the app.
Data is encrypted in transit using TLS and at rest at our database and storage providers. Passwords are hashed. Access to production systems is restricted to authorized personnel and audited. No system is perfectly secure, but we work to protect your information using industry-standard practices.
Turfy is operated from the United States. If you access the service from outside the U.S., your information will be transferred to and processed in the U.S. and other jurisdictions where our service providers operate. Where required, we rely on standard contractual clauses and equivalent safeguards for these transfers.
Turfy is a business tool intended for use by adults. We do not knowingly collect personal information from children under 13 (or under 16 in the EEA / UK). If you believe a child has provided us with information, contact us and we will delete it.
We may update this policy as the product evolves. When we make material changes, we will update the effective date at the top of this page and, where appropriate, notify you in the app or by email before the change takes effect.
Questions, concerns, or privacy requests: